The U.S. government on Wednesday shut down a vital resource for keeping tabs on what powerful spying tools its agencies are buying, making it harder to reliably find out how agencies including ICE are spending taxpayers’ dollars. www.404media.co/the-governm...
Remember when we all used to talk about how invasive the “Great Firewall of China” was?
Pepperidge Farm remembers.
Now we buy cameras for our front doors so they can ID anyone on our street and report their location in real time. Photo IDs to use the internet. Etc etc. is this the future we want?
This implies it can’t be used on patrol. Interesting.
Anyone want to burn down some criminal's infra? app.any.run/tasks/63ba90... Live right now
Note: this is illegal in Illinois?
New TTP added to my list today because I was working on implementing security controls. This falls into my favorite category: features with unintended consequences. Also it’s a lolbin. Not yet in LOLBAS.
And as long as you don't care about privacy at all, you should be good to go
TIL you can register with ChatGPT to offensive security use chatgpt.com/cyber
Take notes. THIS is how you articulate the difference between warm fuzzy marketing and propaganda for a commercial dystopia.
Good riddance @discord.com
www.youtube.com/watch?v=Y5o3...
LOOK AT THIS PRIVACY POLICY.
Look at it. You can read it because they don’t need a ton of legalese to make you stop reading all the ways they’ll sell your data.
They just don’t do that. None of it.
tessie.com/privacy
We want the soundtrack!
Early bird tickets are still available! 🎉
Use code BS312-EB20 to get 20% off your #BSides312 ticket.
Grab yours now 👉 bsides312.org
While you’re there, consider volunteering and helping make the event awesome!
#BSides
cupholder.exe was one of my favorite memories when growing up.
To be clear. NetNTLMv1 support needs to go. But for the low security budgets, the companies that can’t navigate their way out from under this one, detection and effective response will be your saving grace (or it won’t be).
If your SOC doesn’t already alert on NetNTLM with challenges of “1122334455667788” you should fix that NOW.
cloud.google.com/blog/topics/...
If you’re not watching EXO labs, and you have any good reason to run local LLMs stop now and read blog.exolabs.net/nvidia-dgx-s...
Did you know your taxes were being used to buy your flight records from commercial airlines so your movement could be tracked without a warrant?
This is fork&run to execute BOFs in a remote process, same API, and get output back over a pipe--demonstrated with Havoc.
Same arch could support explicit injection. Add-in an injector artifact + psexec, could remotely run a BOF without an agent and get output back too. bofexec? :)
NEW: Apple, Google, and WhatsApp now regularly notify their users if they suspect they have been targeted or hacked with government spyware, such as that made by NSO Group or Paragon.
We spoke to experts and wrote a guide on what to do, and where to go, if you receive one of those notifications.
This tool is an especially powerful and widely applicable one. Don’t get caught up in saying no, infosec.
ORLY?
This implies that getting a warrant for this was anything other than a rubber stamp in a web interface before now.
NARRATOR (V.O.) It wasn't.
30% of the code, and 100% of the design is now done by AI
0nrnicrosoft[.]com was registered last night
When 2040 me can’t give someone a dirty look without it being captured, catalogued, and sold to the surveillance state - this is one of the ways we got there.
